Merge pull request #20470 from bwatters-r7/docs/readd-esc8

re-add ESC8 creation guide

Author: smcintyre-r7

documentation/modules/auxiliary/gather/ldap_esc_vulnerable_cert_finder.md

@@ -90,6 +90,22 @@ a normal user account by analyzing the objects in LDAP.
 1. Scroll down and select the `ESC3-Template2` certificate, and select `OK`.
 1. The certificate should now be available to be issued by the CA server.
 
+### Setting up a ESC8 Vulnerable Host
+1. Follow instructions for creating an AD CS enabled server
+1. Select Add Roles and Features
+1. Under "Select Server Roles" expand Active Directory Certificate Services and add `Certificate Enrollment Policy Web Service`, `Certificate Enrollment Web Service`, and `Certificate Authority Web Enrollment`.
+1. For each selection, accept the default for any pop-up.
+1. Accept the default features and install.
+1. When the installation is complete, click on the warning in the Dashboard for post-deployment configuration.
+1. Under Credentials, accept the default
+1. Under Role Services, select `Certificate Authority Web Enrollment`, `Certificate Enrollment Web Service`, and `Certificate Enrollment Policy Web Service`
+1. In CA for CES, accept the defaults
+1. In Authentication Types, accept the default integrated authentication
+1. In Service account for CES, select `Use built-in application pool identity`
+1. Accept default integrated authentication for CEP
+1. Select the domain certificate in Server Certificate (the one that starts with the domain name by default) if more than one appears.
+1. Accept the remaining defaults.
+
 ### Setting up a ESC9 Vulnerable Certificate Template
 1. Open up the run prompt and type in `certsrv`.
 1. In the window that appears you should see your list of certification authorities under `Certification Authority (Local)`.